From: Filippo Valsorda Date: Thu, 21 Nov 2024 18:10:49 +0000 (+0100) Subject: crypto/internal/fips140/rsa: support separate MGF1 hash for EncryptOAEP X-Git-Tag: go1.24rc1~110 X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=e6977837fc3d7d187436c2e8c8ac88f044ab551f;p=gostls13.git crypto/internal/fips140/rsa: support separate MGF1 hash for EncryptOAEP We might or might not want to expose it, but it makes the internal API symmetrical, and lets us decide to do it in the future without changing the FIPS module. Updates #65716 Change-Id: Iea431a527ab17b9f00dee4da25761cedb2c2eba0 Reviewed-on: https://go-review.googlesource.com/c/go/+/630655 Auto-Submit: Filippo Valsorda LUCI-TryBot-Result: Go LUCI Reviewed-by: Russ Cox Reviewed-by: Roland Shoemaker --- diff --git a/src/crypto/internal/fips140/rsa/pkcs1v22.go b/src/crypto/internal/fips140/rsa/pkcs1v22.go index 2e82317ffa..c7aa955bb4 100644 --- a/src/crypto/internal/fips140/rsa/pkcs1v22.go +++ b/src/crypto/internal/fips140/rsa/pkcs1v22.go @@ -374,7 +374,7 @@ func checkApprovedHash(hash fips140.Hash) { // EncryptOAEP encrypts the given message with RSAES-OAEP. // // In FIPS mode, random is ignored and can be nil. -func EncryptOAEP(hash fips140.Hash, random io.Reader, pub *PublicKey, msg []byte, label []byte) ([]byte, error) { +func EncryptOAEP(hash, mgfHash fips140.Hash, random io.Reader, pub *PublicKey, msg []byte, label []byte) ([]byte, error) { // Note that while we don't commit to deterministic execution with respect // to the random stream, we also don't apply MaybeReadByte, so per Hyrum's // Law it's probably relied upon by some. It's a tolerable promise because a @@ -413,8 +413,8 @@ func EncryptOAEP(hash fips140.Hash, random io.Reader, pub *PublicKey, msg []byte } } - mgf1XOR(db, hash, seed) - mgf1XOR(seed, hash, db) + mgf1XOR(db, mgfHash, seed) + mgf1XOR(seed, mgfHash, db) return encrypt(pub, em) } diff --git a/src/crypto/rsa/fips.go b/src/crypto/rsa/fips.go index a08de0e75e..309ed273ec 100644 --- a/src/crypto/rsa/fips.go +++ b/src/crypto/rsa/fips.go @@ -172,7 +172,7 @@ func EncryptOAEP(hash hash.Hash, random io.Reader, pub *PublicKey, msg []byte, l if err != nil { return nil, err } - return fipsError2(rsa.EncryptOAEP(hash, random, k, msg, label)) + return fipsError2(rsa.EncryptOAEP(hash, hash, random, k, msg, label)) } // DecryptOAEP decrypts ciphertext using RSA-OAEP.